Week in review: Hotmail 0-day bug, CISPA, and securing embedded devices

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

SpyEye botnet for sale at bottom price
A drop in the price asked for the latest version of the SpyEye botnet has security researchers worrying that users might soon be targeted with an increasing amount of infection attempts.

Securing embedded devices
Embedded devices – those small, programmable chips that are becoming so ubiquitous as our modern lives become increasingly filled with electronic tools and gadgets – will have to become more secure as time goes by.

IT security pros most afraid of highly publicized attacks
Concerns over hacktivism and targeted state-sponsored attacks are at the top of security professionals’ minds according to a new survey and research report.

India becomes top spamming country
With 9.3 percent of all spam coming from computers located within its borders, India is followed by the US (8.3 percent), South Korea (5.7 percent), Indonesia and Russia (both 5 percent).

Fake warning about Olympic-themed scams carries malware
Trend Micro researchers have recently spotted an email campaign that apparently warns users about Olympics-themed scams, and purportedly offers a list of bogus sites and organizations selling fake tickets.

Macs harbor both Mac and Windows malware
Have the predictions made yearly by many security firms finally come true? Will Mac users be forced to invest in a good antivirus solution? According to the latest numbers produced by security firm Sophos, the penny has indeed dropped.

Phishing and malware meet cheque fraud
Trusteer recently uncovered a scam in an underground forum that shows how data obtained through phishing and malware attacks can be used to make one of the oldest forms of fraud – cheque forging – even harder to prevent.

Russian cybercrime market doubles in size
Russian cybercrime investigation and computer forensics company and LETA Group subsidiary Group-IB released a 28-page report prepared by analysts from its computer forensics lab and its CERT-GIB unit on the Russian cybercrime market in 2011.

Google raises bug bounty to $20,000
Google has announced that it will be updating the rules for its bug bounty program and will start handing out bigger amounts to the researchers participating in it.

Breaches of large organizations are at a record high
The number of large organizations being hacked into is at a record high; the overall cost of security breaches to UK plcs is now billions of pounds a year, a new survey of 447 UK businesses shows.

VMvare confirms server hypervisor source code leak
VMware has confirmed that a file from the VMware ESX server hypervisor source code has indeed been leaked by a hacker that goes by the handle “Hardcore Charlie”.

One in 10 secondhand hard drives contains personal information
One in ten secondhand hard drives contains residual personal data of its previous owner, revealed an investigation commissioned by the UK Information Commissioner’s Office and executed by IT assurance company NCC Group.

Facebook partners with security vendors, offers free AV
Facebook has announced that it’s partnering with five top security companies and it will be offering downloads of their anti-virus solutions on a newly created AV Marketplace.

Hotmail remote password reset 0-day bug found, patched
A critical security flaw affecting Microsoft’s Hotmail has been detected almost simultaneously by Vulnerability Lab researchers and a Saudi Arabia hacker and, until a temporary fix has been put in place by Microsoft on Friday last, it has been used by hackers to hijack users’ Hotmail/Live account.

World renowned experts to examine SSL governance
Just two months from its inauguration date at the RSA Conference in San Francisco on February 29, the Trustworthy Internet Movement (TIM) announced today that it has chosen SSL governance and implementation across the Internet as its first project.

36 credit card fraud websites taken down
The sites, identified as specializing in selling stolen payment card and online bank account details, used e-commerce type platforms known as Automated Vending Carts (AVC’s) allowing criminals to sell large quantities of stolen data quickly and easily.

PayPal no longer the most phished brand
A new phishing survey released by the Anti-Phishing Working Group (APWG) reveals that in the second half of 2011, China’s Taobao.com became the world’s most frequently phished brand target, exceeding the previously most-victimized brand, PayPal.

US House of Representatives passes CISPA
In a move that took the opponents of the proposed Cyber Intelligence Sharing and Protection Act (CISPA) by surprise, the US House of Representatives has voted on the bill a full day before it was planned and has passed it with a vote of 248-168.

More about

Don't miss